A security vulnerability in Exim


Re: A security vulnerability in Exim

Postby rickbol » 2010-12-31 18:48

My machine was rooted by this vulnerability. I'm in the process of recovering, and it isn't going well.

I've restored a backup and tried to "upgrade" (which updates to the patched exim4). Unfortunately, exim (and avahi-daemon) failed to start with the exim error being: "user mail was not found" when dpkg tries to run exim4.config. The full apt-get error sequence is:

Setting up exim4-config (4.69-9+lenny1) ...
2010-12-31 15:50:29 Exim configuration error in line 642 of /var/lib/exim4/config.autogenerated.tmp:
user mail was not found
2010-12-31 15:50:29 Exim configuration error in line 642 of /var/lib/exim4/config.autogenerated.tmp:
user mail was not found
2010-12-31 15:50:29 Exim configuration error in line 642 of /var/lib/exim4/config.autogenerated.tmp:
user mail was not found
exim: could not open panic log - aborting: see message(s) above
Invalid new configfile /var/lib/exim4/config.autogenerated.tmp, not installing
/var/lib/exim4/config.autogenerated.tmp to /var/lib/exim4/config.autogenerated
dpkg: error processing exim4-config (--configure):
subprocess post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of exim4-base:
exim4-base depends on exim4-config (>= 4.30) | exim4-config-2; however:
Package exim4-config is not configured yet.
Package exim4-config-2 is not installed.
Package exim4-config which provides exim4-config-2 is not configured yet.
dpkg: error processing exim4-base (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of exim4-daemon-light:
exim4-daemon-light depends on exim4-base (>= 4.69); however:
Package exim4-base is not configured yet.
dpkg: error processing exim4-daemon-light (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of bsd-mailx:
bsd-mailx depends on exim4 | mail-transport-agent; however:
Package exim4 is not installed.
Package mail-transport-agent is not installed.
Package exim4-daemon-light which provides mail-transport-agent is not configured yet.
dpkg: error processing bsd-mailx (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of mailx:
mailx depends on bsd-mailx; however:
Package bsd-mailx is not configured yet.
dpkg: error processing mailx (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
exim4-config
exim4-base
exim4-daemon-light
bsd-mailx
mailx
E: Sub-process /usr/bin/dpkg returned an error code (1)

I've removed\purged exim and tried to reinstall, but get the same error. After hours reading various reports of this exim error, the only "solved" threads (from years ago) were regarding various file permission issues (at least one case regarding /etc/passwd). In my case, strace shows the following file access failures:

38733:610 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
38735:610 open("/etc/localtime", O_RDONLY) = -1 EACCES (Permission denied)
38742:610 <... open resumed> ) = -1 EACCES (Permission denied)
38750:610 <... open resumed> ) = -1 EACCES (Permission denied)
38764:610 <... open resumed> ) = -1 EACCES (Permission denied)
38767:610 connect(5, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 EACCES (Permission denied)
38769:610 open("/dev/console", O_WRONLY|O_NOCTTY) = -1 EACCES (Permission denied)
38771:610 open("/etc/localtime", O_RDONLY) = -1 EACCES (Permission denied)
38774:610 connect(5, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 EACCES (Permission denied)
38776:610 open("/dev/console", O_WRONLY|O_NOCTTY) = -1 EACCES (Permission denied)
38778:610 open("/etc/localtime", O_RDONLY) = -1 EACCES (Permission denied)
38781:610 connect(5, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 EACCES (Permission denied)
38783:610 open("/dev/console", O_WRONLY|O_NOCTTY) = -1 EACCES (Permission denied)
38785:610 open("/etc/localtime", O_RDONLY) = -1 EACCES (Permission denied)
38788:610 connect(5, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 EACCES (Permission denied)
38790:610 open("/dev/console", O_WRONLY|O_NOCTTY) = -1 EACCES (Permission denied)
38792:610 open("/etc/localtime", O_RDONLY) = -1 EACCES (Permission denied)
38795:610 connect(5, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 EACCES (Permission denied)
38797:610 open("/dev/console", O_WRONLY|O_NOCTTY) = -1 EACCES (Permission denied)

"chmod 777 /etc/passwd" doesn't help.

Another fix was to modify line 642 of /var/lib/exim4/config.autogenerated.tmp from "user = mail" to "user = 8" (the "number" for the "mail" user?), but the thread rightly suggested that this wasn't advisable.

Anyone have any ideas about what's wrong with /etc/passwd and how to fix it?

Many thanks
rickbol
rickbol
 
Posts: 0
Joined: 2010-12-31 18:23

Re: A security vulnerability in Exim

Postby natirips » 2011-02-27 16:23

rickbol wrote: "chmod 777 /etc/passwd" doesn't help.
Never do that. That would let anyone do whatever they want with your password.
natirips
 
Posts: 32
Joined: 2010-06-22 10:19
Location: Solar system/~Zagreb

Re: A security vulnerability in Exim

Postby raboof » 2011-05-21 19:13

rickbol wrote: exim (and avahi-daemon) failed to start with the exim error being: "user mail was not found" when dpkg tries to run exim4.config.

Sorry for perhaps asking the obvious, but do you have a 'mail' user? ;)
raboof
 
Posts: 67
Joined: 2008-08-02 10:47

Re: A security vulnerability in Exim

Postby bugsbunny » 2011-06-25 21:17

To check if you have a mail user, and if it's set up correctly:
Code:
# grep mail /etc/passwd /etc/shadow
/etc/passwd:mail:x:8:8:mail:/var/mail:/bin/sh
/etc/shadow:mail:*:14576:0:99999:7:::
bugsbunny
 
Posts: 5355
Joined: 2008-07-06 17:04

Re: A security vulnerability in Exim

Postby mildred » 2012-04-13 13:40

I had a similar problem.

My server had its root filesystem on an sdcard, and over time, I got many I/O errors. Today, I replaced it with a hard drive. I copied everything from the existing sdcard to the hard disk using `cp -a`. Surprisingly, most things work fine ... except avahi-daemon (and postfix). Also, I could start avahi-daemon, but using --no-drop-root.

Both get permission denied looking at world-readable files, or files they should be able to read anyway.

After looking at everything, I noticed that when I did ls -la /etc, the ".." directory had strange permissions... in fact, when I formatted the hard drive, using disk utilities, it changed ownership of the whole filesystem to my user id. My solution was to do both:

Code:
chown root:root /
chmod 755 /


Everything seems to work fine now!
mildred
 
Posts: 0
Joined: 2012-04-13 13:24
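
The symptom in this thread (a process that has dropped root getting "Permission denied" on a world-readable file such as /etc/passwd) can be traced by checking every directory on the path, starting with / itself. The script below is an added example, not code from any poster; the function names are hypothetical, and it assumes the account in question is neither owner nor group member of any component, so only the "other" permission bits apply.

```shell
#!/bin/sh
# Added example: find the first path component that stops an unprivileged
# ("other") user from reaching a file. Assumes a stat that supports -c '%a'
# (GNU coreutils or BusyBox), as on Debian.

# other_bits PATH -> prints the "other" permission digit (0-7) of PATH
other_bits() {
    mode=$(stat -c '%a' "$1") || return 2
    echo $(( mode % 10 ))
}

# first_blocker TARGET [BASE]
# Walks BASE (default /) and every component below it down to TARGET.
# Prints the first component "other" cannot pass and returns 1;
# prints nothing and returns 0 when the whole chain is open.
first_blocker() {
    target=$1
    base=${2:-/}
    cur=${base%/}             # "/" becomes "", "/srv/x/" becomes "/srv/x"
    rest=${target#"$cur"}     # the part of TARGET below BASE
    rest=${rest#/}
    # The base directory itself comes first: a bad mode on "/" blocks everything.
    bits=$(other_bits "${cur:-/}") || return 2
    [ $(( bits & 1 )) -eq 1 ] || { echo "${cur:-/}"; return 1; }
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        cur="$cur/$part"
        bits=$(other_bits "$cur") || return 2
        if [ -d "$cur" ]; then
            need=1            # search (x) bit is needed to traverse a directory
        else
            need=4            # read (r) bit is needed to open the final file
        fi
        [ $(( bits & need )) -ne 0 ] || { echo "$cur"; return 1; }
    done
    return 0
}

# Typical call on an affected system:  first_blocker /etc/passwd
```

If the function prints `/`, the fix is to the root directory's ownership and mode, not to the file the daemon failed to open.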
